CONTROL C2 is a command-line based Command and Control Framework built for x64 Windows Operating System. The framework focuses on evasion and therefore the C2 Implant comes with many anti-analysis and runtime detection bypass functionalities.
Download the latest release here.
- Multiple simultaneous sessions
- Multiple simultaneous listeners
- Unhooking functionality for the Implant
- Option for direct and indirect syscalls during certain operations like memory allocation, thread creation etc.
- Delay execution for the Implant
- Hypervisor check option to check for execution under virtual environment
- Process check option to check for common analysis tools and monitoring tools running on the system during execution
- Kill date to stop execution of the implant after the specified date
- AES encryption for communication between Controller and the Implant
- Many post exploitation functionalities supported by the Implant like download file, upload file, registry operations etc.
Take a look at the demo below to see CONTROL C2 in action
Take a look at the PDF inside the download package to get detailed information on features and configuration setup.
- The Implant generated by the Controller communicates with the Controller over TCP
- The Controller generates only binary payload and generation of EXE and DLL is not supported, so users will need a loader to run the payload. The loader can be anything suitable for executing the binary payload
The project is in development and will include more features in the upcoming releases.
This software is intended for use by red teamers and penetration testers. It must not be used for illegal activities or in environments without proper authorization.